Much less data to back up so it can be stored in a way that is replicated for redundancy but still mutable. Separating the key and data is what allows for sending data to tape backup etc.
The specifics of how the keys are backed up against different failure modes/attacks is orthogonal to the splitting of data/key.
One simple way is to keep only a few days / weeks of (immutable) key backups.
You can always stop the deletion if you have a big issue.
If the law says you have 14 days to delete all data, you keep only that much in backups.
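The retention scheme described above, modelled as an added example that is not part of any comment in the thread: per-user keys, immutable nightly snapshots of the key table, and pruning at the deadline. `KeyStore`, `days_until_unrecoverable` and the 14-day constant are assumptions for illustration; only keys are modelled, since the encrypted data backups are never touched.

```python
import os
from datetime import date, timedelta

RETENTION_DAYS = 14  # assumed legal deletion deadline, as in the thread's example

class KeyStore:
    """Per-user data keys plus dated, immutable snapshots of the key table."""
    def __init__(self):
        self.live = {}       # user_id -> 32-byte data key
        self.snapshots = {}  # snapshot date -> frozen copy of the live table

    def create_key(self, user_id):
        self.live[user_id] = os.urandom(32)

    def delete_key(self, user_id):
        self.live.pop(user_id, None)

    def nightly_backup(self, today):
        # Take today's snapshot, then drop every snapshot aged RETENTION_DAYS or more.
        self.snapshots[today] = dict(self.live)
        cutoff = today - timedelta(days=RETENTION_DAYS)
        for day in [d for d in self.snapshots if d <= cutoff]:
            del self.snapshots[day]

    def recoverable(self, user_id):
        return user_id in self.live or any(
            user_id in snap for snap in self.snapshots.values())

    def restore(self, user_id):
        # "Stop the deletion": bring the key back from the newest snapshot holding it.
        for day in sorted(self.snapshots, reverse=True):
            if user_id in self.snapshots[day]:
                self.live[user_id] = self.snapshots[day][user_id]
                return True
        return False

def days_until_unrecoverable(store, user_id, deleted_on):
    """Run nightly backups from the deletion day until no copy of the key is left."""
    assert user_id not in store.live, "key must already be deleted from the live table"
    day = deleted_on
    while True:
        store.nightly_backup(day)
        if not store.recoverable(user_id):
            return (day - deleted_on).days
        day += timedelta(days=1)
```

With one snapshot per night, the last snapshot that still holds the key is the one taken the night before deletion, so the key is gone everywhere 13 days after the delete request.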
Quekid5|11 months ago
You've also added (possibly substantial) latency to every single operation that operates on user data.
muti|11 months ago
Yes you would need to carefully design the system that allows deletion of keys while minimizing chances of data loss, but it can be done, and it's going to be cheaper and less complex to do so on a tiny subset of the data.
Latency considerations are also down to design, it's not a given that there will be significant overhead imposed.
Unroasted6154|11 months ago